Stellar Web Solutions

How-To: Build your own PayPal Encrypted Buttons

PayPal uses the X.509 standard certificate format, which was originally
developed for sending encrypted email messages. The button data is
encrypted so that only PayPal can decrypt it, and signed so that PayPal
can verify that you originated it.

How It Works

You first create a private key and a public signing certificate, and download PayPal's public
certificate. You then upload your public certificate to PayPal. PayPal assigns it a unique
Cert ID, which ensures that a malicious user cannot simply substitute their own certificate.

Using the open-source tool OpenSSL, you can sign and encrypt your form data
before sending it to PayPal. You can test all of this against PayPal's sandbox website.

Step 1b: Manual Creation - Generate public certificate good for 1 year

my-pubcert.pem is your public signing certificate. With this command the
certificate is only valid for 365 days, so you should recreate your key and
certificate every year.

Step 2: Upload Your Public Certificate

To upload your public certificates to PayPal:
1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. In the Seller Preferences column, click Encrypted Payment Settings.
4. Click Add.
5. Click Browse, and select your public certificate file "my-pubcert.pem".
6. When your public certificate is successfully uploaded, it appears on the next screen under Your Public Certificates.
7. Record the Cert ID, you'll need to include this in any encrypted data.

Step 3: Download the PayPal Public Certificate

You use PayPal's public certificate to encrypt your button code. To download PayPal's public certificate:
1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. In the Seller Preferences column, click Encrypted Payment Settings.
4. Click Download in the PayPal Public Certificate area.

Step 4: Block unencrypted payment buttons

You can prevent malicious users from submitting made-up, unencrypted buttons by blocking
unencrypted payments. Have everything working before you complete this step, or your
current payment buttons may stop working.
1. Log in to your Business or Premier account.
2. Click the Profile subtab.
3. Click the Website Payment Preferences link in the right-hand menu.
4. Select On next to Block Non-encrypted Website Payments.
5. Click Save.

Step 5: Generate your own payment buttons

You can use PHP or another language such as Perl to implement PayPal encrypted button generation.

The following code is an example of how to implement PayPal button encryption. It uses proc_open to call OpenSSL and read its output, an encrypted blob. The function paypal_encrypt accepts a PHP associative array as input and returns the encrypted text.

If the proc_open version fails with some recent versions of OpenSSL, download
the streamed version from the top right corner of the example box instead.
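As an added example (not the page's own code, nor a copy of the downloadable version), the following PHP implements the sign-then-encrypt pipeline described in Step 5 with proc_open, and its header comment shows an OpenSSL command of the kind Step 1b refers to. The file names my-prvkey.pem and paypal_cert.pem, the paths, the seller address and the Cert ID value are assumptions; only my-pubcert.pem and the paypal_encrypt name come from the page. Two defensive details are added beyond the page's description: button values containing CR or LF are rejected, because each field travels on its own "key=value" line, and OpenSSL's exit status is checked so that a failed run never produces an empty "encrypted" field.

```php
<?php
// Added example: build a PayPal encrypted-button blob by signing the form
// fields with your certificate and encrypting the result with PayPal's
// certificate, via proc_open and the openssl command-line tool.
//
// Assumed file names (not on the page): my-prvkey.pem is the private key that
// belongs to my-pubcert.pem; paypal_cert.pem is the certificate downloaded in
// Step 3. A key pair and one-year self-signed certificate for Step 1b can be
// produced with:
//   openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
//       -keyout my-prvkey.pem -out my-pubcert.pem

define('MY_KEY_FILE',      '/path/to/my-prvkey.pem');   // keep outside the web root
define('MY_CERT_FILE',     '/path/to/my-pubcert.pem');
define('PAYPAL_CERT_FILE', '/path/to/paypal_cert.pem');

/**
 * Encrypt an associative array of PayPal button variables.
 * Returns the base64 PKCS7 body to place in the "encrypted" form field,
 * or throws if OpenSSL fails or the input is malformed.
 */
function paypal_encrypt(array $hash): string
{
    // Each field goes on its own "key=value" line. A CR or LF inside a key or
    // value would smuggle in an extra field, so such input is refused.
    $data = '';
    foreach ($hash as $key => $value) {
        if (preg_match('/[\r\n]/', $key . $value)) {
            throw new InvalidArgumentException("newline in button field '$key'");
        }
        $data .= "$key=$value\n";
    }

    // File names are shell-escaped; the button data never touches the command
    // line because it is written to OpenSSL's standard input.
    $cmd = 'openssl smime -sign -signer ' . escapeshellarg(MY_CERT_FILE)
         . ' -inkey ' . escapeshellarg(MY_KEY_FILE)
         . ' -outform der -nodetach -binary'
         . ' | openssl smime -encrypt -des3 -binary -outform pem '
         . escapeshellarg(PAYPAL_CERT_FILE);

    $descriptors = [
        0 => ['pipe', 'r'],   // stdin:  plaintext fields
        1 => ['pipe', 'w'],   // stdout: PEM-armoured PKCS7
        2 => ['pipe', 'w'],   // stderr: OpenSSL diagnostics
    ];
    $process = proc_open($cmd, $descriptors, $pipes);
    if (!is_resource($process)) {
        throw new RuntimeException('could not start openssl');
    }
    fwrite($pipes[0], $data);
    fclose($pipes[0]);
    $output = stream_get_contents($pipes[1]);
    $errors = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($process);

    // A non-zero exit or missing PEM armour means the blob is unusable.
    if ($status !== 0 || strpos($output, '-----BEGIN PKCS7-----') === false) {
        throw new RuntimeException("openssl failed (exit $status): $errors");
    }

    // Strip the PEM armour; PayPal expects the base64 body.
    $output = str_replace(['-----BEGIN PKCS7-----', '-----END PKCS7-----'], '', $output);
    return trim($output);
}

// Usage: cert_id is the Cert ID recorded in Step 2 (placeholder value here).
$form = [
    'cmd'           => '_xclick',
    'business'      => 'seller@example.com',   // assumed seller address
    'cert_id'       => 'YOUR_CERT_ID',         // placeholder
    'item_name'     => 'Widget',
    'amount'        => '9.99',
    'currency_code' => 'USD',
];
$encrypted = paypal_encrypt($form);
echo '<input type="hidden" name="cmd" value="_s-xclick">', "\n";
echo '<input type="hidden" name="encrypted" value="', htmlspecialchars($encrypted), '">', "\n";
```

Because the fields are signed with your private key and then encrypted to PayPal's certificate, a visitor who changes the amount in the page source only breaks the signature; combined with Step 4, PayPal then refuses the payment rather than accepting the altered price.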